ciphera-net/pulse
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 15 Wiki Activity

fix: improve error handling in authentication flow; validate access token and format, and ensure proper state verification in callback

Browse Source
This commit is contained in:
Usman Baig
2026-02-01 21:07:17 +01:00
parent 0dee4a699a
commit af5d9631e5
3 changed files with 54 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/auth/callback/page.tsx
View File

@@ -43,30 +43,24 @@ function AuthCallbackContent() {
const code = searchParams.get('code')
const state = searchParams.get('state')
// * Skip if params are missing (might be initial render before params are ready)
if (!code || !state) return
processedRef.current = true
const storedState = localStorage.getItem('oauth_state')
const codeVerifier = localStorage.getItem('oauth_code_verifier')
if (!code || !state) {
setError('Missing code or state')
if (!codeVerifier) {
setError('Missing code verifier')
return
}
if (state !== storedState) {
console.error('State mismatch', { received: state, stored: storedState })
setError('Invalid state')
return
}
if (state !== storedState) {
console.error('State mismatch', { received: state, stored: storedState })
setError('Invalid state')
return
}
if (!codeVerifier) {
setError('Missing code verifier')
return
}
processedRef.current = true
const exchangeCode = async () => {
try {